[perl #129196] Segmentation fault: "evalbytes S"

On Sun Sep 04 11:20:29 2016, sprout wrote:
> On Sun Sep 04 11:06:08 2016, dcollinsn@gmail.com wrote:
> > ./miniperl -e 'CORE::evalbytes S'
> > Segmentation fault
> 
> It doesn’t crash for me.
> 
> > (gdb) run
> > Starting program: /usr/local/perl-afl/bin/perl -e CORE::evalbytes\ S
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib/x86_64-linux-
> > gnu/libthread_db.so.1".
> > bt
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00000000004bdce7 in Perl_yylex () at toke.c:7033
> > 7033                            || ((PL_opargs[PL_last_lop_op] >>
> > OASHIFT)& 7)
> 
> PL_last_lop_op is negative, isn’t it?
> 
> > 5dc13276b282d472cc1e6c349c18352bd0db89e2 is the first new commit
> > commit 5dc13276b282d472cc1e6c349c18352bd0db89e2
> > Author: Matthew Horsfall (alh) <wolfsage@gmail.com>
> > Date:   Mon Jul 2 22:20:39 2012 -0700
> >
> > For #16249 - Overwrite PL_last_lop_op when eval() is called.
> 
> If you apply the attached, which changes the line that 5dc13276 added,
> does the crash go away?
> 
> If so, could you provide a patch that adds a test that fails without
> my patch and passes with it?

Yup.

(gdb) p PL_parser->last_lop_op
$3 = 65191

Attached patch produces the following:

$ perl t/op/evalbytes.t
1..9
ok 1 - evalbytes outside feature scope
ok 2 - evalbytes basic sanity check
ok 3 - evalbytes on extra-ASCII bytes
ok 4 - evalbytes on upgraded extra-ASCII
ok 5 - evalbytes ignores outer utf8 pragma
ok 6 - use utf8 within evalbytes
ok 7 - use utf8 within evalbytes on utf8 string
ok 8 - evalbytes croaks on non-bytes
Segmentation fault
$ ./perl -Ilib t/op/evalbytes.t
1..9
ok 1 - evalbytes outside feature scope
ok 2 - evalbytes basic sanity check
ok 3 - evalbytes on extra-ASCII bytes
ok 4 - evalbytes on upgraded extra-ASCII
ok 5 - evalbytes ignores outer utf8 pragma
ok 6 - use utf8 within evalbytes
ok 7 - use utf8 within evalbytes on utf8 string
ok 8 - evalbytes croaks on non-bytes
ok 9 - [RT \#129196] evalbytes S should not segfault

-- 
Respectfully,
Dan Collins

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=129196

• [perl #129196] Segmentation fault: "evalbytes S" by James E Keenan via RT
• Re: [perl #129196] Segmentation fault: "evalbytes S" by Dan Collins
• [perl #129196] Segmentation fault: "evalbytes S" by Father Chrysostomos via RT
• [perl #129196] Segmentation fault: "evalbytes S" by Father Chrysostomos via RT
• Re: [perl #129196] Segmentation fault: "evalbytes S" by Dave Mitchell
• Re: [perl #129196] Segmentation fault: "evalbytes S" by Zefram
• Re: [perl #129196] Segmentation fault: "evalbytes S" by ilmari
• Re: [perl #129196] Segmentation fault: "evalbytes S" by Dave Mitchell
• Re: [perl #129196] Segmentation fault: "evalbytes S" by ilmari
• [perl #129196] Segmentation fault: "evalbytes S" by James E Keenan via RT
• [perl #129196] Segmentation fault: "evalbytes S" by James E Keenan via RT
• [perl #129196] Segmentation fault: "evalbytes S" by Dan Collins via RT
• [perl #129196] Segmentation fault: "evalbytes S" by Father Chrysostomos via RT
• [perl #129196] Segmentation fault: "evalbytes S" by Dan Collins